How Small Businesses Can Address Security Risks
Cyber security isn’t just an alarmist buzzword anymore, it's a real threat to the financial health of businesses everywhere.
Cybersecurity isn't just an alarmist buzzword anymore, it's a real threat to the financial health of businesses everywhere. According to consultancy firm PricewaterhouseCoopers, cybersecurity incidents increased by 38 percent between 2014 and 2015. Many of these have made headlines in recent years, as hackers have hit retail giants like Target and Home Depot to loot millions of customer credit card numbers and other personal data. As a result of these highly publicized cases, respondents in PWC's survey said they had boosted their security budgets by an average of 24 percent.
Even if industries are responding to the increasing risk, the cost of complacency in the realm of cybersecurity is massive. Thefts of sensitive data cost businesses anywhere from $300 billion to $1 trillion per year globally, according to estimates from security firm McAfee. The average cost of a data breach for a business could total up to $3.79 million.
While the hacks of giant corporate entities gain the most media attention, little thought is given to the security of small businesses, which tend to be easier targets for hackers. Due to budget constraints, the time involved or just a misunderstanding of the risks, many small businesses do not take the proper steps to protect sensitive data from thieves. Business News Daily spoke with Stephen Cobb , a senior security researcher at software firm ESET, who remarked small businesses represent a "sweet spot" for cybercriminals. While small businesses have more valuable digital assets than the typical consumer, they also generally have fewer advanced security measures in place than larger organizations.
The reasons behind these common sentiments are numerous. Business News Daily cited a study from Towergate Insurance which found a whopping 97 percent of small businesses don't make digital security a priority. An additional 82 percent of survey respondents estimated they were at virtually no risk of a cyberattack because they had nothing worth stealing. Cobb noted that while it is indeed unlikely that a specific small business would get singled out for an attack, that doesn't mean every small business is safe from broad attacks on popular software.
"Attacking is typically done by software at scale," Cobb told Business News Daily. "There are small businesses who think, 'Why would some hacker be trying to get into Fred's Gardening Store?' He wouldn't, but the hacker may have written a software that's scanning everything it can find."
Security strategies for small business
With the disproportionate risk of cyberattacks that small businesses face, it pays to be protected. Some of the best defenses against these types of risk are also the most basic.
- Have a plan: According to Towergate, 31 percent of small businesses don't have a plan in place for dealing with a data breach. Even 22 percent of these businesses say they wouldn't even know where to begin in terms of containing the damage. Small businesses should work with a professional, or at least take some time to research security measures, to be prepared for the possibility of attack.
- Don't assume: Many business owners will simply assume they are protected from a security breach, either because of security measures already in place or the belief that they aren't a target. Business News Daily noted that although the federal government insures personal bank accounts against fraud, this does not apply to business accounts. In addition, general liability insurance does not typically cover losses from data breaches without a special rider.
- Take note of employees: It's unfortunate, but a large number of cyberattacks happen because of an employee's actions, and not necessarily with any criminal intent. Computers or mobile phones with sensitive data get lost or stolen frequently, which can open up the possibility of data theft. Have a plan in place for dealing with these accidents, but also make sure to keep a close eye on workers with access to sensitive information.
It's impossible to account for all the risks a business may face on a daily basis. Cybersecurity isn't the only vulnerability that a small business must deal with, especially when viewed alongside day-to-day business operations. But given the outsized risk faced by such companies, even the basic steps can make a huge difference in the end.
For more information on how you can help protect your business, talk to the professionals at Vectra Bank.